Joomla Third-Party Plugins Multiple Vulnerabilities


Description   (#Several vulnerabilities has been identified in Joomla's plugins:#- garyscookbook : arbitrary file upload. A remote attacker could exploit by uploading a malicious PHP script file in order to execute arbitrary PHP code.##- smartformer: arbitrary file upload. A remote attacker could exploit by uploading a malicious PHP script file in order to execute arbitrary PHP code.##- osproperty: arbitrary file upload. A remote attacker could exploit by uploading a malicious PHP script file in order to execute arbitrary PHP code.##- simple calendar: SQL injection. A remote attacker could exploit it by using URLs that include specially crafted SQL statements in order to modify or delete entries in some database tables. This vulnerability is due to an improper validation of user-supplied input used in SQL queries in the "id" parameter##- securitycheck: cross-site scripting and SQL injection. A remote attacker can exploit it in order to execute arbitrary JavaScript, HTML or SQL code. These vulnerabilities stem from improper user-input sanitization in the "option" parameter.)
     
Vulnerable Products   Vulnerable Software:
Joomla (OSM Development Team) -
     
Solution   Version 2.8.10 of SecurityCheck fixes the vulnerability affecting it.
     
CVE  
     
References   - Joomla Component com_smartformer shell upload Vulnerability - CXSecurity.com
https://cxsecurity.com/issue/WLB-2016050056
- Joomla com_garyscookbook file upload - CXSecurity.com
https://cxsecurity.com/issue/WLB-2016050057
- Full Disclosure: Joomla SecurityCheck extension - Multiple vulnerabilities
http://seclists.org/fulldisclosure/2016/Jun/6
- Joomla Simple Calendar 0.7.6b SQL Injection ? Packet Storm
https://packetstormsecurity.com/files/137219/joomlasimplecalendar-sql.txt
- Joomla com property unrestricted file upload image php - CXSecurity.com
https://cxsecurity.com/issue/WLB-2016050058
     
Vulnerability Manager Detection   No
     
IPS Protection  
ASQ Engine alarm Available Since
XSS - Prevention - GET : suspicious 'iframe' tag found in URL
3.2.0
XSS - Prevention - GET : suspicious 'meta' tag found in URL
3.2.0
SQL injection Prevention - GET : suspicious OR statement in URL
3.2.0
XSS - Prevention - GET : suspicious tag with event found in URL
3.2.0
XSS - Prevention - GET : suspicious 'applet' tag found in URL
3.2.0
SQL injection Prevention - GET : suspicious combination of 'OR' or 'AND' statements in URL
3.2.0
SQL injection Prevention - GET : suspicious CREATE statement in URL
3.2.0
SQL injection Prevention - GET : suspicious CAST statement in URL
3.2.0
SQL injection Prevention - GET : suspicious OPENROWSET statement in URL
3.2.0
SQL injection Prevention - GET : suspicious DECLARE statement in URL
3.2.0
XSS - Phishing : suspicious 'div' tag found in URL
3.2.0
XSS - Prevention - GET : suspicious 'style' attribute found in URL
3.2.0
XSS - Prevention - GET : suspicious 'img' tag found in URL
3.2.0
SQL injection Prevention - GET : suspicious OPENQUERY statement in URL
3.2.0
SQL injection Prevention - GET : suspicious shutdown statement in URL
3.2.0
SQL injection Prevention - GET : suspicious UNION SELECT statement in URL
3.2.0
SQL injection Prevention - GET : possible database version probing
3.2.0
XSS - Phishing : suspicious 'a' tag found in URL
3.2.0
XSS - Prevention - GET : cookie access attempt using script language found in URL
3.2.0
SQL injection Prevention - GET : suspicious UPDATE SET statement in URL
3.2.0
XSS - Prevention - GET : suspicious 'embed' tag found in URL
3.2.0
XSS - Prevention - GET : suspicious 'object' tag found in URL
3.2.0
SQL injection Prevention - GET : suspicious SELECT statement in URL
3.2.0
XSS - Phishing : suspicious 'form' tag found in URL
3.2.0
SQL injection Prevention - GET : suspicious INSERT statement in URL
3.2.0
XSS - Prevention - GET : javascript code found in URL
3.2.0
SQL injection Prevention - GET : suspicious DROP statement in URL
3.2.0
SQL injection Prevention - GET : suspicious EXEC statement in URL
3.2.0
XSS - Prevention - GET : evasion attempt using tag characters encoding in URL
3.2.0
SQL injection Prevention - GET : block comment delimiters in URL
3.2.0
XSS - Prevention - GET : suspicious 'style' tag found in URL
3.2.0
XSS - Phishing : suspicious 'link' tag found in URL
3.2.0
XSS - Prevention - GET : 'script' tag found in URL
3.2.0
XSS - Prevention - GET : 'location' javascript object found in URL
3.2.0
XSS - Prevention - GET : suspicious 'div' tag found in URL
3.2.0
Joomla com_garyscookbook arbitrary file upload
5.0.0
SQL injection Prevention - GET : suspicious combination of 'select' and 'sleep' statements in URL
5.0.0
SQL injection Prevention - GET : Evasion attempt with CAST and EXEC statements
5.0.0
SQL injection Prevention - GET : Authentication bypass attempt with OR statement
5.0.0
     


 
 
 
 
 Risk level 
High 

 Vulnerability First Public Report Date 
2016-05-13 

 Target Type 
Client + Server 

 Possible exploit 
Remote